diff options
Diffstat (limited to 'sepolicy/vendor')
-rw-r--r-- | sepolicy/vendor/app.te | 2 | ||||
-rw-r--r-- | sepolicy/vendor/hal_camera_default.te | 1 | ||||
-rw-r--r-- | sepolicy/vendor/init.te | 1 | ||||
-rw-r--r-- | sepolicy/vendor/system_app.te | 1 |
4 files changed, 1 insertions, 4 deletions
diff --git a/sepolicy/vendor/app.te b/sepolicy/vendor/app.te index 35378d6..776c7c6 100644 --- a/sepolicy/vendor/app.te +++ b/sepolicy/vendor/app.te @@ -1,5 +1,5 @@ # Allow appdomain to get vendor_camera_prop -allow { appdomain -isolated_app } hal_mlipay_hwservice:hwservice_manager find; +allow { appdomain -isolated_app -ephemeral_app -mediaprovider -untrusted_app_27 -untrusted_app -untrusted_app_25 -runas_app } hal_mlipay_hwservice:hwservice_manager find; binder_call({ appdomain -isolated_app }, hal_mlipay_default) get_prop({ appdomain -isolated_app }, mlipay_prop) get_prop({ appdomain -isolated_app }, hal_fingerprint_prop) diff --git a/sepolicy/vendor/hal_camera_default.te b/sepolicy/vendor/hal_camera_default.te index 0f40bbd..34531cb 100644 --- a/sepolicy/vendor/hal_camera_default.te +++ b/sepolicy/vendor/hal_camera_default.te @@ -1,6 +1,5 @@ binder_call(hal_camera_default, hal_configstore_default) binder_call(hal_camera_default, hal_graphics_allocator_default) -allow hal_camera_default { hal_configstore_ISurfaceFlingerConfigs hal_graphics_allocator_hwservice }:hwservice_manager find; allow hal_camera_default sysfs:file { getattr open read }; allow hal_camera_default sysfs_kgsl:file { getattr open read }; diff --git a/sepolicy/vendor/init.te b/sepolicy/vendor/init.te index 734baea..16ca39b 100644 --- a/sepolicy/vendor/init.te +++ b/sepolicy/vendor/init.te @@ -3,4 +3,3 @@ allow init ipa_dev:chr_file open; allow init ion_device:chr_file ioctl; allow init property_socket:sock_file write; allow init sysfs_dm:file { open write }; -allow init tee_device:chr_file { write ioctl }; diff --git a/sepolicy/vendor/system_app.te b/sepolicy/vendor/system_app.te index c7d0026..c4a7f00 100644 --- a/sepolicy/vendor/system_app.te +++ b/sepolicy/vendor/system_app.te @@ -1,3 +1,2 @@ allow system_app vendor_default_prop:file { getattr open read }; allow system_app wificond:binder call; -add_service(system_app, goodixhw_service) |